each file for the downloader ends in a signaturesignatures can be found by the

1. each file for the downloader ends in a signature
2. signatures can be found by the hex string
3. 01000000 00000000 00000000 00000000
4. followed by high-entropy bytes (basically no zeroes, no readable text or repeated values nearby)
5.  
6. 0x0 ... 0x2000 -> whatever, BL1
7. 0x2000 ... 0x15000 -> second image (encrypted TZ/EL3?)
8. 0x15000 ... 0x64000 -> ACPM and other stuff
9. 0x7D000 ... 1FD000 -> BL2, the actual s-boot
10.  
11. There are actually multiple images starting from 0x15000
12. but there is only one signature at the end.
13.  
14. 0x15000 ... 0x30c00 -> XXX
15. 0x30C00 ... 0x7d000 -> YYY
16. One of XXX and YYY is unknown and one is:
17. ACPM (Power controller) firmware, unsigned?
18.  
19.  
20.  
21. dd if=sboot.bin of=part1.bin bs=$((0x2000)) count=1
22. dd if=sboot.bin of=part2.bin bs=1 skip=$((0x2000)) count=$((0x15000-0x2000))
23. dd if=sboot.bin of=part3.bin bs=1 skip=$((0x15000)) count=$((0x64000-0x15000))
24. dd if=sboot.bin of=part4.bin bs=1 skip=$((0x7d000)) count=$((0x1fd000-0x7d000))